Ports 135->138



  • Hi,

    I have a small problem and I can't find a good solution.

    My DMZ uses range 192.168.0.0/24.

    When I go to Status -> System Logs -> Firewall, I have many lines like:

    Sep 28 12:20:11 INTERNET 192.168.0.12:138 192.168.0.255:138 UDP
    Sep 28 12:19:28 INTERNET 192.168.0.60:137 192.168.0.255:137    UDP

    Which rule do I have to add to accept all traffic?

    Thank you for your help,

    Christophe


  • Rebel Alliance Global Moderator

    OK, I'm confused, why is the "internet" source IP private and the same as your DMZ?  That is broadcast traffic, why would you want to send broadcast traffic from the internet into your DMZ??
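
The two observations in the reply above (private source inside the DMZ range, destination equal to that range's broadcast address) can be checked mechanically against the quoted log lines. This is an added example, not part of the original thread or of pfSense; the function names and the third, constructed log line are assumptions.

```python
import ipaddress
import re

# Assumption: the DMZ range stated in the first post.
DMZ = ipaddress.ip_network("192.168.0.0/24")
NETBIOS_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}

# Layout of the lines quoted in the thread:
# "<Mon DD HH:MM:SS> <interface> <src ip>:<port> <dst ip>:<port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)\s*$"
)

def classify(line, subnet=DMZ):
    """Return the facts the moderator points at, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    return {
        "iface": m["iface"],
        "src_private": src.is_private,
        "src_in_subnet": src in subnet,
        "dst_is_subnet_broadcast": dst == subnet.broadcast_address,
        "service": NETBIOS_PORTS.get(int(m["dport"]), "other"),
    }

def is_local_broadcast(line, subnet=DMZ):
    """True when a host inside `subnet` sent NetBIOS traffic to the subnet broadcast address."""
    c = classify(line, subnet)
    return bool(c and c["src_in_subnet"] and c["dst_is_subnet_broadcast"]
                and c["service"] != "other")

SAMPLE = [
    "Sep 28 12:20:11 INTERNET 192.168.0.12:138 192.168.0.255:138 UDP",     # from the post
    "Sep 28 12:19:28 INTERNET 192.168.0.60:137 192.168.0.255:137    UDP",  # from the post
    "Sep 28 12:21:00 INTERNET 203.0.113.7:51000 192.168.0.10:443 TCP",     # constructed
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(is_local_broadcast(entry), classify(entry))
```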



  • Hi,

    Good question! :o

    In fact, my firewall has 2 network cards on the same network, one for DMZ and one for Internet.

    What do I have to change?

    What exactly could I provide to you to help me?

    Christophe


  • Rebel Alliance Global Moderator

    And you're behind a NAT router as well??  Why are you seeing private 192.168.x.x addresses on your internet connection??

    As to 2 network cards on the same network??  WHAT?  That is kind of pointless, your interfaces should be on "different" networks.  If you want to isolate a segment as your DMZ that is fine, but I sure wouldn't make it the same IP space as your other non-DMZ network.

    Posting your interfaces couldn't hurt in trying to understand your setup.  Maybe a drawing of your network layout.

    For example, here are my interfaces:




  • As you can understand, I'm not a specialist, unfortunately  :'(

    Here's my config:

    In fact, my firewall is a VM machine and shares the same network, I only have one network card.

    Is it more clear?

    Christophe


  • Rebel Alliance Global Moderator

    So your firewall is a VM with only 1 actual physical interface?  And I will ask again, are you behind an actual real router as well??  I assume so, if your internet interface is seeing private IPs?

    And I think you're a little fuzzy on the proper use of the term DMZ as well, where is your LAN?  Kind of hard to have a DMZ to isolate the services you're exposing to the internet from your local network, without the actual local network ;)

    So this VM host, how many interfaces does it have?  Can you draw out your network for me, and exactly what are you trying to do with pfSense on a VM that is not really exposed to the public internet, and has no LAN?

